Diffstat (limited to 'templates/firewall')
-rw-r--r-- | templates/firewall/group/address-group/node.tag/address/node.def | 32 | ||||
-rw-r--r-- | templates/firewall/group/port-group/node.tag/port/node.def | 32 |
2 files changed, 58 insertions, 6 deletions
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index 26519c0..d5f85b0 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -8,9 +8,35 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
 --set-type=address \
 --member=\"$VAR(@)\"; "
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
+create: tmpgrp=$VAR(../@)-$PPID
+ tmpfile="/tmp/$VAR(../@)-$PPID";
+
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
+ --set-name=$VAR(../@)
+ if [ $? != 0 ]; then
+ touch $tmpfile;
+ fi;
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
+ --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
+ fi;
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
+ --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
+ if [ $? != 0 ]; then
+ sudo ipset --destroy $tmpgrp;
+ if [ -e $tmpfile ]; then
+ sudo ipset --destroy $VAR(../@);
+ rm $tmpfile;
+ fi;
+ exit 1;
+ fi;
+
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo ipset --swap $tmpgrp "$VAR(../@)";
+ sudo ipset --destroy $tmpgrp;
+ rm -f $tmpfile;
+ fi;
 delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
 --set-name=$VAR(../@) \
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 5ce33b1..2aa367c 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
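Review bot: The "destroy the live group on failure" decision in the new error path, `if [ -e $tmpfile ]; then sudo ipset --destroy $VAR(../@)`, keys off nothing but the existence of a file at a predictable name in world-writable /tmp, `/tmp/$VAR(../@)-$PPID`; any local user who can guess the group name and the commit process's PID can pre-create that path so that a failed add-member wipes the real address-group, and a flag left behind by a commit that aborted between FIRST and LAST (only the LAST branch and the add-member error path remove it) would presumably have the same effect once the PID is reused. Because the LAST sibling must be able to re-derive the name, mktemp alone does not fit; keep this marker under a directory writable only by the committing user (or let vyatta-ipset.pl hold the state) rather than in /tmp. Quoting is also inconsistent for a value that embeds the group name: `sudo ipset --swap $tmpgrp "$VAR(../@)"` quotes one argument but not the other, and `$tmpgrp`, `$tmpfile` and `--destroy $VAR(../@)` are unquoted throughout, so write `sudo ipset --swap "$tmpgrp" "$VAR(../@)";` and quote the rest the same way. A one-line comment stating what the marker means, e.g. `# marker: group was (non-)empty before this commit — torn down on failure`, worded to match is-set-empty's actual exit convention (not visible here), would make the error path reviewable.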
@@ -8,9 +8,35 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
 --set-type=port \
 --member=\"$VAR(@)\"; "
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
+create: tmpgrp=$VAR(../@)-$PPID
+ tmpfile="/tmp/$VAR(../@)-$PPID";
+
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
+ --set-name=$VAR(../@)
+ if [ $? != 0 ]; then
+ touch $tmpfile;
+ fi;
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
+ --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
+ fi;
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
+ --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
+ if [ $? != 0 ]; then
+ sudo ipset --destroy $tmpgrp;
+ if [ -e $tmpfile ]; then
+ sudo ipset --destroy $VAR(../@);
+ rm $tmpfile;
+ fi;
+ exit 1;
+ fi;
+
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo ipset --swap $tmpgrp "$VAR(../@)";
+ sudo ipset --destroy $tmpgrp;
+ rm -f $tmpfile;
+ fi;
 delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
 --set-name=$VAR(../@) \
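Review bot: Neither the `--action=copy-set` call in the FIRST branch nor `sudo ipset --swap $tmpgrp "$VAR(../@)"` in the LAST branch has its exit status checked, so a failed copy leaves the add-member to fail against a set that was never created (and, if the flag file is present, the real port-group is then destroyed), while a failed swap still destroys the temporary set and lets the commit succeed even though the live group never received the new member. Append `|| exit 1` to the copy-set invocation and change the swap line to `sudo ipset --swap "$tmpgrp" "$VAR(../@)" || exit 1;`, so the commit is refused instead of silently diverging from the running ruleset. The state file `/tmp/$VAR(../@)-$PPID` shares the predictable-name-in-/tmp weakness of the sibling address-group template and deserves the same move out of /tmp. This hunk is byte-for-byte the address-group logic apart from `--set-type=port`; folding the copy/add/swap sequence into vyatta-ipset.pl (which already owns the other actions) would keep the two templates from drifting.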